CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-2783
Google Chrome < 13.0.782.107 - Unauthenticated Extension Installation via NPAPI Developer Mode
CVE-2011-2359
Google Chrome < 13.0.782.107 - Denial of Service via Stale Pointer in Line Box Tracking
CVE-2011-2358
Google Chrome < 13.0.782.107 - Unauthenticated Extension Installation via Missing Confirmation Dialog
CVE-2011-2719
phpMyAdmin 3.x < 3.3.10.3 and 3.4.x < 3.4.3.2 - Session Variable Manipulation via Crafted Query String
CVE-2011-2697
HP Linux Imaging and Printing Project - Remote Code Execution via Crafted FoomaticRIPCommandLine Field
CVE-2011-2892
Joomla! 1.6.x < 1.6.2 - Clickjacking via Frame Rendering
CVE-2011-2490
OPIE < 2.4.1 - Local Privilege Escalation via setuid Return Value Mismanagement
CVE-2011-1829
APT < 0.8.15.2 - Man-in-the-Middle Package Modification via Inline GPG Signature Validation Bypass
CVE-2011-2883
Citrix Access Gateway Enterprise Edition 8.1-67.7 9.0-70.5 9.1-96.4 - Remote Code Execution via Crafted Certificate
CVE-2011-1774
Cross Platform Webkit File Dropper
CVE-2011-0215
Apple ImageIO - Remote Code Execution via Crafted TIFF File
CVE-2011-1355
IBM WebSphere Application Server 6.1-7.0 - Open Redirect via Logout Exit Page Parameter
CVE-2011-0726
Linux Kernel < 2.6.39-rc1 - ASLR Bypass via /proc/#####/stat
CVE-2011-2526
Apache Tomcat 5.5.x < 5.5.34, 6.x < 6.0.33, 7.x < 7.0.19 - Denial of Service via Unvalidated Request Attributes
CVE-2011-1001
Android SDK < 2.3 - Denial of Service via Malformed APK or Dex File
CVE-2011-2681
IBM Rational DOORS Web Access 1.4.x - Improper Input Validation
CVE-2011-2535
Asterisk 1.4.x < 1.4.41.1, 1.6.2.x < 1.6.2.18.1, 1.8.x < 1.8.4.3, C.3 < C.3.7.3 - DoS via IAX2 Option Control Frame
CVE-2011-2634
Opera < 11.10 - Search and Customization Hijacking via Third-Party Applications
CVE-2011-2632
Opera < 11.11 - Denial of Service via Silverlight Instance Destruction
CVE-2011-2631
Opera < 11.11 - Denial of Service via CSS column-count Property
CVE-2011-2630
Opera < 11.11 - Denial of Service via Easy Sticky Note Popup Reload
CVE-2011-2628
Opera < 11.11 - Remote Code Execution via FRAMESET Element Handling
CVE-2011-2608
HP OpenView Performance Agent and Operations Agent - Arbitrary File Deletion via Register Command
CVE-2011-2366
Mozilla Gecko < 5.0 - Unauthenticated Approximate Image Copy via WebGL Texture Timing Attack
CVE-2011-2200
D-Bus <1.2.28-1.5.4 - DoS/Info Disclosure
Details
Vulnerabilities 12,638
Exploit Likelihood High